-
Notifications
You must be signed in to change notification settings - Fork 198
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore: update ansible docker deployment steps
feat: add steps to create ami image and push to marketplace feat: add steps to publish ami image chore: update github action changes update github actions to assume role
- Loading branch information
1 parent
5dae083
commit 9ffca89
Showing
18 changed files
with
284 additions
and
20 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
name: Packer build AWS AMI's | ||
on: | ||
workflow_dispatch: | ||
branches: | ||
- prod | ||
|
||
jobs: | ||
plan: | ||
environment: Terraform | ||
defaults: | ||
run: | ||
working-directory: /home/runner/work/ballerine/deploy/aws_ami | ||
runs-on: ubuntu-latest | ||
name: Packer build Artifacts | ||
steps: | ||
- name: Checkout to Git | ||
uses: actions/checkout@v2 | ||
|
||
- name: Assume Role | ||
uses: ./ | ||
env: | ||
ROLE_ARN: ${{ secrets.AWS_PACKER_ROLE }} | ||
ROLE_SESSION_NAME: packersession | ||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
DURATION_SECONDS: 900 | ||
|
||
- name: Setup `packer` | ||
uses: hashicorp/setup-packer@main | ||
id: setup | ||
with: | ||
version: 1.8.7 | ||
|
||
- name: Run `packer init` | ||
id: init | ||
run: "packer init template.json.pkr.hcl" | ||
|
||
- name: Run `packer validate` | ||
id: validate | ||
run: "packer validate template.json.pkr.hcl" | ||
|
||
- name: Build AWS AMIs | ||
run: "packer build template.json.pkr.hcl" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
12 changes: 12 additions & 0 deletions
12
deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/cleanup-packer-build.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
--- | ||
- name: Remove sensitive credential (1) | ||
shell: find / -name "authorized_keys" -exec rm -f {} \; | ||
become: true | ||
|
||
- name: Remove sensitive credential (2) | ||
shell: find /root/ /home/*/ -name .cvspass -exec rm -f {} \; | ||
become: true | ||
|
||
- name: Restart rsyslog | ||
shell: service rsyslog restart | ||
become: true |
9 changes: 9 additions & 0 deletions
9
deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/clone-ballerine.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
--- | ||
- name: Clone Ballerine | ||
git: | ||
repo: https://github.com/ballerine-io/ballerine.git | ||
dest: "{{ install_dir }}" | ||
version: dev | ||
clone: yes | ||
update: yes | ||
ignore_errors: yes |
11 changes: 11 additions & 0 deletions
11
deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/deploy-ballerine.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
- name: Deploy Ballerine with localhost | ||
shell: sudo docker-compose -f docker-compose-build.yml up -d | ||
args: | ||
chdir: "{{ install_dir }}/deploy" | ||
when: vite_api_url == "" | ||
|
||
- name: Deploy Ballerine with custom Domain | ||
shell: sudo docker-compose -f docker-compose-build-https.yml up -d | ||
args: | ||
chdir: "{{ install_dir }}/deploy" | ||
when: vite_api_url != "" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
39 changes: 39 additions & 0 deletions
39
deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/setup-ballerine-runtime.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
- name: create runtime path folder | ||
file: | ||
dest: "{{ install_dir }}/scripts" | ||
mode: 0755 | ||
recurse: yes | ||
owner: "{{ cloud_user }}" | ||
group: "{{ cloud_group }}" | ||
state: directory | ||
|
||
- name: create boot script | ||
template: | ||
src: templates/boot.sh | ||
dest: "{{ install_dir }}/scripts/boot.sh" | ||
mode: 0755 | ||
|
||
- name: create reboot entry job | ||
cron: | ||
name: "ballerine job" | ||
special_time: reboot | ||
user: "{{ cloud_user }}" | ||
job: "{{ install_dir }}/scripts/boot.sh" | ||
|
||
- name: setup ssh key for ballerine user | ||
copy: | ||
src: templates/init-ssh.sh | ||
dest: /var/lib/cloud/scripts/per-instance | ||
mode: 0755 | ||
owner: "{{ cloud_user }}" | ||
group: "{{ cloud_group }}" | ||
become: true | ||
|
||
- name: setup ssh key for {{ default_user }} user | ||
copy: | ||
src: templates/init-ssh.sh | ||
dest: /var/lib/cloud/scripts/per-instance | ||
mode: 0755 | ||
owner: "{{ default_user }}" | ||
group: "{{ cloud_group }}" | ||
become: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
25 changes: 25 additions & 0 deletions
25
deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/setup-init-config.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
--- | ||
- name: deploy cloud init config file | ||
template: src=templates/cloud-config.cfg dest=/etc/cloud/cloud.cfg.d/defaults.cfg | ||
become: true | ||
|
||
- name: create group ballerine | ||
group: name={{ cloud_user }} state=present | ||
become: true | ||
|
||
- name: create user ballerine | ||
user: name={{ cloud_user }} groups={{ cloud_group }} | ||
become: true | ||
|
||
- name: create user {{ default_user }} | ||
user: name={{ default_user }} groups={{ cloud_group }} | ||
become: true | ||
|
||
- name: add sudoers group for user {{ cloud_user }} | ||
copy: | ||
content: 'ballerine ALL=(ALL) NOPASSWD: ALL' | ||
dest: /etc/sudoers.d/ballerine | ||
mode: 0440 | ||
owner: root | ||
group: root | ||
become: true |
9 changes: 9 additions & 0 deletions
9
deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/setup-user-data.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
--- | ||
- name: setup runtime user data | ||
copy: | ||
src: ../templates/user-data.sh | ||
dest: /var/lib/cloud/scripts/per-instance | ||
mode: 0755 | ||
owner: "{{ cloud_user }}" | ||
group: "{{ cloud_group }}" | ||
become: true |
11 changes: 11 additions & 0 deletions
11
deploy/ansible/ballerine_playbook/roles/setup-ballerine/templates/boot.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
#!/bin/bash | ||
|
||
cd /home/ballerine/ballerine | ||
|
||
git checkout dev ; git pull | ||
|
||
cd /home/ballerine/ballerine/deploy | ||
|
||
sudo docker-compose -f docker-compose-build.yml pull | ||
|
||
sudo docker-compose -f docker-compose-build.yml up -d |
5 changes: 5 additions & 0 deletions
5
deploy/ansible/ballerine_playbook/roles/setup-ballerine/templates/cloud-config.cfg
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
#cloud-config | ||
system_info: | ||
default_user: | ||
name: ballerine | ||
lock_passwd: false |
17 changes: 17 additions & 0 deletions
17
deploy/ansible/ballerine_playbook/roles/setup-ballerine/templates/init-ssh.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
#!/bin/bash | ||
|
||
authorized_keys_path=/home/ballerine/.ssh/authorized_keys | ||
if [[ ! -e "$authorized_keys_path" ]]; then | ||
echo "Setting SSH key" | ||
sudo cp ~/.ssh/authorized_keys "$authorized_keys_path" | ||
sudo chown ballerine:ballerine "$authorized_keys_path" | ||
fi | ||
|
||
authorized_keys_ubuntu_path=/home/ubuntu/.ssh/authorized_keys | ||
if [[ ! -e "$authorized_keys_ubuntu_path" ]]; then | ||
echo "Setting SSH key for ubuntu user" | ||
sudo mkdir -p /home/ubuntu/.ssh/ | ||
sudo chmod -R 700 /home/ubuntu/.ssh/ | ||
sudo cp ~/.ssh/authorized_keys "$authorized_keys_ubuntu_path" | ||
sudo chown -R ubuntu:ballerine /home/ubuntu/.ssh/ | ||
fi |
8 changes: 8 additions & 0 deletions
8
deploy/ansible/ballerine_playbook/roles/setup-ballerine/templates/user-data.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
#!/bin/bash | ||
|
||
default_user_name="[email protected]" | ||
default_user_password=admin | ||
|
||
echo "${default_user_name}:${default_user_password}" > /home/ballerine/ballerine/credential | ||
|
||
echo -e "\n***************************************************\n* Default username : $default_user_name *\n* Default password : $default_user_password *\n***************************************************\n" >/dev/console |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
#cloud-config | ||
system_info: | ||
default_user: | ||
name: ballerine | ||
lock_passwd: false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
# Configuration - AWS base image | ||
variable "base_ami" { | ||
type = string | ||
default = "ami-01e444924a2233b07" # Ubuntu 22.04.2 LTS | ||
} | ||
|
||
# Configuration - AWS provisioning instance type | ||
variable "instance_type" { | ||
type = string | ||
default = "t2.micro" | ||
} | ||
|
||
# Configuration - AWS subnet | ||
variable "subnet_id" { | ||
type = string | ||
default = "subnet-01d1b883a41235506" | ||
} | ||
|
||
# Configuration - AWS VPC | ||
variable "vpc_id" { | ||
type = string | ||
default = "vpc-0ed0113663b1fbf40" | ||
} | ||
|
||
|
||
# "timestamp" template function replacement | ||
locals { timestamp = regex_replace(timestamp(), "[- TZ:]", "") } | ||
|
||
# Variable - AMI naming | ||
locals { | ||
image_name = "ballerine-marketplace-snapshot-${local.timestamp}" | ||
} | ||
|
||
# Builder - Provision AWS instance | ||
source "amazon-ebs" "ballerine-aws-ami" { | ||
ami_name = "ballerine-ami-${local.timestamp}" | ||
instance_type = "${var.instance_type}" | ||
launch_block_device_mappings { | ||
delete_on_termination = true | ||
device_name = "/dev/sda1" | ||
volume_size = 25 | ||
volume_type = "gp2" | ||
} | ||
region = "eu-central-1" | ||
source_ami = "${var.base_ami}" | ||
ssh_username = "ballerine" | ||
subnet_id = "${var.subnet_id}" | ||
vpc_id = "${var.vpc_id}" | ||
skip_create_ami = false | ||
user_data_file = "./defaults.cfg" | ||
} | ||
|
||
# Provisioning - Setup Ballerine | ||
build { | ||
sources = ["source.amazon-ebs.ballerine-aws-ami"] | ||
|
||
provisioner "ansible" { | ||
user = "ballerine" | ||
playbook_file = "../ansible/ballerine_playbook/ballerine-playbook.yml" | ||
extra_arguments = ["--skip-tags", "deploy"] | ||
} | ||
} |